LinkedIn is obviously a very handy tool when it comes to the world of work, but far too many users of the social network are happy to connect with strangers, who could be malicious parties looking to cherry-pick precious data.
That's the headline from a new survey of 2,000 people in the UK, carried out by Intel Security, which found almost a quarter of respondents (24%) had connected with someone they didn't know on LinkedIn.
There's a chance that said unknown person could be a criminal type who simply wants to rifle through their potential victim's profile, in order to find personal details which could make a crafted spear phishing attack look far more realistic (and far more likely to be swallowed).
Raj Samani, CTO EMEA Intel Security, observed: "When a person in a similar industry to us, or a recruiter, requests to connect on LinkedIn, it may look harmless, but hackers prey on this as a means to target senior level professionals and ultimately the corporate network."
Samani further noted that attackers may start by targeting junior or middle management staff, subsequently using connections with these colleagues as a way to concoct a more successful campaign against senior execs.
Ultimately all this could lead up to a CEO fraud attack where the cybercriminal goes after the chief executive for a major payload. Samani observes that this is "a type of attack which is continuing to affect more victims and lead to even greater financial losses according to assessments by the FBI."
Lack of thought
Most of those surveyed, 69% of respondents in fact, admitted that they hadn't even wondered whether somebody on LinkedIn might not be who they say they are.
Also, 87% of those questioned said their employer had never made them aware of any social media policy pertaining to LinkedIn, although there's a good chance many organisations don't have such a policy: as we saw in another piece of research yesterday, only half of all businesses have a policy in place.
The answer to helping combat these dangers? Naturally, it's training staff to be aware of LinkedIn imposters, and the way phishing scams are put together in general.
As ever, you should never take anything at face value, particularly links and attachments, and remember that emails may not be from the sender they appear to come from (email spoofing being another growing danger).